(54) Cryptographic communication system

(57) A cryptographic communication terminal (2) serving as one of information transmitting and receiving terminals in cryptographic communication includes a cryptographic algorithm storage section (13) for storing one or more types of cryptographic algorithm used for cryptographic communication, and outputting a designated cryptographic algorithm, a key information storage section (12) for storing a key used for cryptographic communication corresponding to the cryptographic algorithm, and outputting a designated key, a control section (11) for designating, with respect to the cryptographic algorithm storage section (13) and the key information storage section (12), which cryptographic algorithm and key are to be used in the cryptographic communication, and an encryption/decryption section (14) for decrypting received encryption information by using the cryptographic algorithm designated with respect to the cryptographic algorithm storage section (13) and the key designated with respect to the key information storage section (12), and encrypting information to be transmitted.
Description

[0001] This application is based on Japanese Pat- 
ent Application No. 11-58592, filed March 5, 1999, the 
contents of which are incorporated herein by reference. 
The present invention relates to a cryptographic com- 
munication terminal, cryptographic communication 
center apparatus, cryptographic communication sys- 
tem, and storage medium and, more particularly, to a 
cryptographic communication terminal, cryptographic 
communication center apparatus, cryptographic com- 
munication system, and storage medium which are 
characterized in that a plurality of cryptographic algo- 
rithms can be used and a new cryptographic algorithm 
can be safely and efficiently registered and used. 
[0002] Various current devices connected to a network incorporate encryption techniques to prevent breaches of security. With the use of these incorporated encryption techniques, electronic business transactions, contents distribution businesses, and the like using networks as media are growing. These businesses depend on the safety of the incorporated encryption techniques. Under the circumstances, studies on the design of safe, efficient cryptographic algorithms have been enthusiastically conducted.
[0003] According to a conventional system incorpo- 
rating an encryption technique, once system specifica- 
tions are determined by standardization or the like, a 
cryptographic scheme that can be used by the system is 
fixed. Consequently, the security level of the system is 
also fixed. 

[0004] On the other hand, studies on cryptanalysis 
of cryptographic algorithms have also been enthusiasti- 
cally conducted to evaluate the safety of the crypto- 
graphic algorithms concurrently with the studies on the 
design of safe cryptographic algorithms. Therefore, the 
cryptographic scheme used by a given system may be 
actually broken. 

[0005] If the cryptographic scheme used by the sys- 
tem is broken in this manner, the system cannot be 
used unless the cryptographic scheme is updated. That 
is, in order to continue safe network communication, the 
cryptographic scheme of the system must be updated. 
[0006] In updating the cryptographic scheme 
through the network, however, a problem is posed in 
terms of safety. For example, confidential information 
may leak to the outside. If the cryptographic scheme is 
to be updated without the mediacy of a network, updat- 
ing must be performed in all the devices in the system 
one by one. This makes it impossible to efficiently 
update the scheme. 

[0007] It is an object of the present invention to pro- 
vide a cryptographic communication terminal, crypto- 
graphic communication center apparatus, cryptographic 
communication system, and storage medium which can 
perform cryptographic communication by selecting a 
cryptographic algorithm. 

[0008] It is another object of the present invention to provide a cryptographic communication terminal, cryptographic communication center apparatus, cryptographic communication system, and storage medium which safely and efficiently register a new cryptographic algorithm through a network, and can make the registered algorithm usable.

[0009] According to the first aspect of the present invention, a cryptographic communication terminal comprises a cryptographic algorithm storage section for storing not less than one type of cryptographic algorithm used for cryptographic communication, and outputting a designated cryptographic algorithm, a key information storage section for storing a key used for cryptographic communication corresponding to the cryptographic algorithm and for outputting the designated key, control means for designating, with respect to the cryptographic algorithm storage section and the key information storage section, which cryptographic algorithm and key are to be used in the cryptographic communication, and encryption/decryption means for decrypting received encryption information by using the cryptographic algorithm designated with respect to the cryptographic algorithm storage section and the key designated with respect to the key information storage section, and encrypting information to be transmitted.
[0010] According to the second aspect of the present invention, a cryptographic communication center apparatus comprises the cryptographic communication terminal defined in claim 3, and when the algorithm decryption key is requested from the partner, inputs the corresponding algorithm decryption key as the information to be transmitted to the partner to the encryption/decryption means.

[0011] According to the third aspect of the present invention, there is provided a computer readable storage medium storing a program which is used by a cryptographic communication apparatus serving as one of information transmitting and receiving apparatuses in cryptographic communication and implements a cryptographic algorithm storage section for storing not less than one type of cryptographic algorithm used for cryptographic communication, and outputting a designated cryptographic algorithm, a key information storage section for storing a key used for cryptographic communication corresponding to the cryptographic algorithm and outputting a designated key, control means for designating, with respect to the cryptographic algorithm storage section and the key information storage section, which cryptographic algorithm and key are to be used in the cryptographic communication, and encryption/decryption means for decrypting received encryption information by using the cryptographic algorithm designated with respect to the cryptographic algorithm storage section and the key designated with respect to the key information storage section, and encrypting information to be transmitted.

[0012] With these means, the present invention can perform cryptographic communication upon selectively using cryptographic algorithms. This makes it possible to perform cryptographic communication upon selecting a safer cryptographic scheme.

[0013] This summary of the invention does not necessarily describe all necessary features so that the
invention may also be a sub-combination of these 
described features. 

[0014] The invention can be more fully understood
from the following detailed description when taken in 
conjunction with the accompanying drawings, in which: 

FIG. 1 is a view showing an example of a crypto- 
graphic communication system according to the 
first embodiment of the present invention; 
FIG. 2 is a block diagram showing an example of 
the arrangement of a cryptographic communication 
terminal; 

FIG. 3 is a block diagram showing an example of 
the arrangement of a cryptographic communication 
center apparatus; 

FIG. 4 is a block diagram showing how crypto- 
graphic communication is performed between ter- 
minals; 

FIG. 5 is a block diagram showing updating proce- 
dure #1 for acquiring both a cryptographic algo- 
rithm and its decryption key from a cryptographic 
communication center apparatus 3; 
FIG. 6 is a block diagram showing updating proce- 
dure #2 for acquiring only a cryptographic algorithm 
from another cryptographic communication termi- 
nal in a cryptographic communication system 
according to the second embodiment of the present 
invention; and 

FIG. 7 is a block diagram showing updating proce- 
dure #2 for acquiring a cryptographic algorithm 
decryption key from a cryptographic communica- 
tion center apparatus. 

[0015] The embodiments of the present invention 
will be described below. 

[0016] In each embodiment, encrypted data are 
represented by E1(x)[y], E2(x)[y], E(z, x)[y], and the like. 
In this case, reference symbol x denotes a key used for 
encryption; y, data to be encrypted; z, an algorithm used 
for encryption, and a | b, a concatenation between a and 
b. 

[0017] FIG. 1 shows an example of a cryptographic communication system according to the first embodiment of the present invention.
[0018] In the cryptographic communication system in FIG. 1, cryptographic communication terminals 2 (to be also referred to as the terminals 2 hereinafter) and a cryptographic communication center apparatus 3 (to be also referred to as the center 3 hereinafter) are connected to various networks 1 such as the Internet and LAN. Communication (or cryptographic communication) between the terminals 2 and between the terminal 2 and the center 3 can be executed through the network 1.

[0019] FIG. 2 is a block diagram showing an exam- 
ple of the arrangement of the cryptographic communi- 
cation terminal. 

[0020] The cryptographic communication terminal 2 is comprised of a control section 11, key information storage section 12, cryptographic algorithm storage section 13, encryption/decryption section 14, key information decryption section 15, cryptographic algorithm decryption section 16, and ID storage section 17. The terminal 2 is a means having computer elements such as a CPU and memory, and implements the above functional means by the operation of the CPU controlled by programs. The terminal 2 also includes a communication unit (not shown) for network communication.

[0021] FIG. 3 is a block diagram showing an exam- 
ple of the arrangement of the cryptographic communi- 
cation center apparatus. 

[0022] The cryptographic communication center apparatus 3 is comprised of a control section 21, key information storage section 22, cryptographic algorithm storage section 23, encryption/decryption section 24, terminal key information storage section 25, algorithm decryption key storage section 26, key encryption section 27, update cryptographic algorithm storage section 28, terminal authorization management section 29, and ID storage section 30. Similar to the terminal 2, the center 3 is a means having computer elements such as a CPU and memory, and implements the above functional means by the operation of the CPU controlled by programs. The center 3 also includes a communication unit (not shown) for network communication.
[0023] Each constituent element of the crypto- 
graphic communication terminal 2 will be described first. 

[0024] The control section 11 controls the flow of data by controlling the sections 12 to 17, and supplies, for example, identification information (ID), messages, and the like to the functional sections 12, 13, and 14. The control section 11 also selects a private key and cryptographic algorithm to be used for cryptographic communication by designating ID information.
[0025] The ID storage section 17 stores various 
IDs, e.g., the IDs of the center 3 and terminal 2, the ID 
of an algorithm (Al), and the ID of a key. 

[0026] The key information storage section 12 stores encrypted key information (an algorithm decryption key used to decrypt an encrypted cryptographic algorithm, in addition to key information for cryptographic communication). Upon reception of the ID of a terminal or the like and an algorithm ID, the key information storage section 12 outputs encrypted key information corresponding to these data to the key information decryption section 15.

[0027] The key information decryption section 15 decrypts and outputs the key information transferred from the key information storage section 12 by using a unique private key.

[0028] The cryptographic algorithm storage section 13 stores encrypted algorithms. Upon reception of an algorithm ID, the cryptographic algorithm storage section 13 outputs an encrypted cryptographic algorithm corresponding to the ID to the cryptographic algorithm decryption section 16.

[0029] The cryptographic algorithm decryption section 16 decrypts the cryptographic algorithm output from the cryptographic algorithm storage section 13 by using the key received from the key information decryption section 15.

[0030] The encryption/decryption section 14 
encrypts a message M by using the algorithm decrypted 
by the cryptographic algorithm decryption section 16 
and the communication key decrypted by the key infor- 
mation decryption section 15. 

[0031] Each constituent element of the crypto- 
graphic communication center apparatus 3 will be 
described next. 

[0032] The control section 21 controls the flow of information by controlling the operations of the sections 22 to 30, and supplies IDs and the like to corresponding functional sections. The control section 21 selects a private key and cryptographic algorithm to be used for cryptographic communication by designating ID information, and also selects a cryptographic algorithm for which the terminal 2 generated an update request and a decryption key for the algorithm.

[0033] The key information storage section 22 
stores private keys used for cryptographic communica- 
tion between the respective terminals 2 and the center 
3. Upon reception of a terminal ID, the key information 
storage section 22 outputs a corresponding private key 
to the encryption/decryption section 24. 
[0034] The cryptographic algorithm storage section 23 stores various cryptographic algorithms. Upon reception of an algorithm ID, the cryptographic algorithm storage section 23 outputs a corresponding cryptographic algorithm to the encryption/decryption section 24.

[0035] The terminal key information storage section 
25 stores the unique private keys of the respective ter- 
minals. Upon reception of a terminal ID, the terminal key 
information storage section 25 outputs the private key of 
a corresponding terminal to the key encryption section 
27. 

[0036] The algorithm decryption key storage section 26 stores decryption keys for the respective encrypted cryptographic algorithms. Upon reception of an algorithm ID, the algorithm decryption key storage section 26 outputs the decryption key of a corresponding cryptographic algorithm to the key encryption section 27.

[0037] The key encryption section 27 encrypts the 
decryption key for the cryptographic algorithm by using 
the private key unique to the terminal, and outputs the 
resultant data to the encryption/decryption section 24. 
[0038] The update cryptographic algorithm storage section 28 stores a new cryptographic algorithm to be supplied to the terminal 2. Upon reception of an algorithm ID, the update cryptographic algorithm storage section 28 outputs an encrypted cryptographic algorithm corresponding to the ID to the encryption/decryption section 24.

[0039] The encryption/decryption section 24 encrypts the algorithm decryption key output from the key encryption section 27 and/or the cryptographic algorithm output from the update cryptographic algorithm storage section 28 by using the cryptographic algorithm from the cryptographic algorithm storage section 23 and the key received from the key information storage section 22.

[0040] The terminal authorization management section 29 checks whether a terminal requesting an update cryptographic algorithm or its algorithm decryption key has proper authorization, and permits processing by the respective sections 21 to 28 only if the terminal has proper authorization.

[0041] The ID storage section 30 stores the IDs of terminals, algorithms, algorithm decryption keys, and the like. Upon reception of an ID acquisition request from the terminal 2, the control section 21 transmits a corresponding ID from the ID storage section 30 to the requesting terminal 2.

[0042] The operation of the cryptographic commu- 
nication system according to this embodiment having 
the above arrangement will be described next. 
[0043] Inter-terminal cryptographic communication will be described first.

[0044] FIG. 4 shows how cryptographic communi- 
cation is performed between terminals. 
[0045] FIG. 4 shows a procedure for transmitting a message M from a terminal 2i to a terminal 2j upon encrypting it using a cryptographic algorithm Al.

[0046] In this case, first of all, the control section 11 of the terminal 2i extracts, from the ID storage section 17, ID information IDj such as the name of the receiving terminal 2j or mail address and ID information IDAI of the cryptographic algorithm Al used for cryptographic communication. The message M is also input to the control section 11. That is, the control section 11 also serves as a means for designating a cryptographic algorithm to be used. Note that each of the terminals 2i and 2j has already requested the center 3 for necessary ID information and has received the ID information of the ID storage section 30 in the center 3.
[0047] The message M is output from the control section 11 to the encryption/decryption section 14. At the same time, IDAI is output to the cryptographic algorithm storage section 13, and IDj and IDAI are output to the key information storage section 12.
[0048] In this case, key information is extracted from the key information storage section 12 in accordance with the input ID information and output to the key information decryption section 15. That is, an encrypted private key E1(Ki)[Kij] and algorithm decryption key E1(Ki)[KAI] are respectively output in accordance with IDj and IDAI. In this case, Kij is a key for cryptographic communication between the terminals 2i and 2j. For example, a DES secret key or the like corresponds to this key Kij.

[0049] The key information decryption section 15 
decrypts this encrypted key information by using key 
information Ki unique to the terminal, e.g., a password 
or the key stored in an IC card. Of this information, a 
decryption key KAI of the encrypted algorithm Al is out- 
put to the cryptographic algorithm decryption section 
16, and the key Kij is output to the encryption/decryption 
section 14. 

[0050] The cryptographic algorithm storage section 13 outputs an encrypted cryptographic algorithm E2(KAI)[AI] to the cryptographic algorithm decryption section 16 on the basis of the ID information input from the control section 11.

[0051] The cryptographic algorithm decryption section 16 decrypts this input encrypted cryptographic algorithm by using the algorithm decryption key KAI and outputs the resultant data as the cryptographic algorithm Al to the encryption/decryption section 14.
[0052] The encryption/decryption section 14 
encrypts the message M to be transmitted by using the 
input message M, cryptographic algorithm Al, and pri- 
vate key Kij. 

[0053] IDi representing the transmitting terminal 
and IDAI of the cryptographic algorithm to be used for 
this cryptographic communication are added to cipher- 
text E(AI, Kij)[M] generated in this manner. A communi- 
cation unit (not shown) transmits this ciphertext to the 
terminal 2j through the network 1.
[0054] In the terminal 2j which has received this 
cryptographic communication, first of all, the control 
section 11 outputs IDAI to the cryptographic algorithm 
storage section 13, and IDi and IDAI to the key informa- 
tion storage section 12. 

[0055] The key information storage section 12, 
which has received this ID information, outputs an 
encrypted private key E1(Kj)[Kij] and algorithm decryp- 
tion key E1(Kj)[KAI] to the key information decryption 
section 15. 

[0056] The key information decryption section 15 
decrypts these pieces of encrypted key information by 
using key information Kj unique to the terminal, e.g., a 
password or the key stored in an IC card. Of these 
pieces of information, KAI is output to the cryptographic 
algorithm decryption section 16, and Kij is output to the 
encryption/decryption section 14.
[0057] The cryptographic algorithm storage section 13 outputs the encrypted cryptographic algorithm E2(KAI)[AI] to the cryptographic algorithm decryption section 16 on the basis of the ID information input from the control section 11 to the cryptographic algorithm storage section 13.

[0058] The cryptographic algorithm decryption section 16 decrypts the cryptographic algorithm E2(KAI)[AI] by using the algorithm decryption key KAI, and outputs the resultant data as the algorithm Al to the encryption/decryption section 14.

[0059] The encryption/decryption section 14 decrypts the ciphertext E(AI, Kij)[M] received from the terminal 2i by using the cryptographic algorithm Al and private key Kij and outputs the message M.
[0060] In this manner, cryptographic communication from the terminal 2i to the terminal 2j is realized by using the cryptographic algorithm Al. In this case, since the algorithm ID to be supplied first can be changed as needed, the cryptographic algorithm can be changed to any cryptographic algorithm as long as it is registered in both the terminals 2i and 2j.

[0061] A registration (updating) procedure for acquiring a cryptographic algorithm from the center 3 that is not held in the terminal 2 and registering the new cryptographic algorithm will be described next. This updating procedure includes update procedure #1 by which both a cryptographic algorithm and its decryption key are acquired from the cryptographic communication center apparatus 3, and updating procedure #2 by which a cryptographic algorithm is acquired from another cryptographic communication terminal 2, and its decryption key is acquired from the center 3. In this embodiment, updating procedure #1 will be described. Update procedure #2 will be described in the second embodiment.

[0062] FIG. 5 shows the processing in updating procedure #1 by which both a cryptographic algorithm and its decryption key are acquired from the cryptographic communication center apparatus 3.
[0063] FIG. 5 shows a case wherein the terminal 2i requests the center 3 for a new cryptographic algorithm Al' and a cryptographic algorithm decryption key KAI' corresponding to the cryptographic algorithm Al'.

[0064] First of all, the terminal 2i transmits, to the center 3, the ID information IDi of the terminal 2i, ID information IDAI' of the update cryptographic algorithm, and the ID information IDAI of the cryptographic algorithm to be used for update processing. Note that the terminal 2i has already acquired the ID information IDAI' and the like from the center 3 and has stored them in the ID storage section 17.

[0065] In the cryptographic communication center apparatus 3 which has received each ID information, the received information is loaded into the control section 21. The control section 21 inquires of the terminal authorization management section 29 whether the terminal 2i has authorization to acquire a cryptographic algorithm. The terminal 2i transmits password information or the like for identifying itself, as needed. This password information or the like is used by the terminal authorization management section 29 to check authorization. Note that the received information may be loaded into the control section 21 after authorization is confirmed.

[0066] Upon confirmation of authorization, of the IDs loaded into the control section 21, the control section 21 outputs IDAI to the cryptographic algorithm storage section 23, and IDi to the key information storage section 22. In addition, IDi is output to the terminal key information storage section 25; IDAI', to the algorithm decryption key storage section 26; and IDAI', to the update cryptographic algorithm storage section 28.
[0067] In response to the ID information output from the control section 21, the cryptographic algorithm storage section 23 outputs the cryptographic algorithm Al to the encryption/decryption section 24. In addition, the key information storage section 22 outputs a key Kci to the encryption/decryption section 24. In this case, the key Kci is a common private key (e.g., a DES key) to be used for cryptographic communication between the terminal 2i and the center 3.

[0068] In accordance with each input ID information, the terminal key information storage section 25 outputs the key Ki unique to the terminal 2i to the key encryption section 27, and the algorithm decryption key storage section 26 outputs the key KAI' for the algorithm Al' to the key encryption section 27. Note that the cryptographic communication center apparatus 3 holds all the keys (Ki, Kj, and the like) unique to the cryptographic communication terminals 2 which are registered in the terminal authorization management section 29.
[0069] The key encryption section 27 encrypts the 
key KAI' by using the input key Ki unique to the terminal 
2i and cryptographic algorithm decryption key KAI', and 
outputs the encryption result as E1(Ki)[KAI'] to the 
encryption/decryption section 24. 
[0070] The update cryptographic algorithm storage section 28 outputs E2(KAI')[AI'] to the encryption/decryption section 24 on the basis of the input ID information. Note that E2(KAI')[AI'] has been obtained by encrypting the cryptographic algorithm Al' by use of key KAI' requested by the terminal 2i.
[0071] In this manner, the cryptographic algorithm Al, private key Kci and updated information E1(Ki)[KAI'] and E2(KAI')[AI'] are input to the encryption/decryption section 24. The updated information E1(Ki)[KAI'] and E2(KAI')[AI'] are encrypted by the encryption/decryption section 24 using the private key Kci on the basis of the cryptographic algorithm Al.

[0072] This formed ciphertext E(AI, Kci)[IDAI' | E1(Ki)[KAI'] | E2(KAI')[AI']], IDc, and IDAI are transmitted from the communication unit of the center 3 to the terminal 2i through the network 1. That is, ID information (IDc, IDAI) is input to the control section 11 of the terminal 2i, and the ciphertext E(AI, Kci)[IDAI' | E1(Ki)[KAI'] | E2(KAI')[AI']] is input to the encryption/decryption section 14 of the terminal 2i.
[0073] In the terminal 2i which has received this cryptographic communication, the pieces of received information are loaded into the control section 11. Then, IDAI is output to the cryptographic algorithm storage section 13, and IDc and IDAI are output to the key information storage section 12.

[0074] The key information storage section 12 outputs an encrypted private key E1(Ki)[Kci] and the algorithm decryption key E1(Ki)[KAI] to the key information decryption section 15.

[0075] The key information storage section 12, which has received these pieces of encrypted key information, decrypts these pieces of information by using the key information Ki unique to the terminal. In this case, the key KAI and private key Kci are respectively output to the cryptographic algorithm decryption section 16 and encryption/decryption section 14.

[0076] The cryptographic algorithm storage section 13, which has received IDAI from the control section 11, outputs the encrypted cryptographic algorithm E2(KAI)[AI] to the cryptographic algorithm decryption section 16. Upon reception of this information, the cryptographic algorithm decryption section 16 decrypts the encrypted cryptographic algorithm E2(KAI)[AI] by using the algorithm decryption key KAI input from the key information decryption section 15, and outputs Al to the encryption/decryption section 14.

[0077] The encryption/decryption section 14 decrypts the ciphertext E(AI, Kci)[IDAI' | E1(Ki)[KAI'] | E2(KAI')[AI']] received from the center 3 by using the cryptographic algorithm Al and private key Kci. After this decryption, in correspondence with IDAI', E1(Ki)[KAI'] and E2(KAI')[AI'] are respectively output to the key information storage section 12 and cryptographic algorithm storage section 13.

[0078] In this manner, the encrypted key information and encrypted cryptographic algorithm are respectively registered in the key information storage section 12 and cryptographic algorithm storage section 13 in correspondence with the ID information of the cryptographic algorithm Al'. Subsequently, therefore, each of the sections 12 and 13 outputs information about IDAI' upon reception of IDAI'.
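
The inter-terminal exchange of paragraphs [0045] to [0060] and updating procedure #1 of paragraphs [0063] to [0078], as an added Python example that is not part of the patent text. Assumptions: E1, E2 and the selectable algorithm are replaced by a toy, unauthenticated HMAC-counter keystream; the "algorithm" Al is a small JSON parameter blob; the a | b concatenation is JSON framing; the center encrypts Al' at request time instead of holding it pre-encrypted in section 28; all class, function and constant names are hypothetical.

```python
import hmac, json, os

def _stream(digest, key, nonce, n):  # HMAC-counter keystream: toy, unauthenticated stand-in
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), digest).digest()
        ctr += 1
    return out[:n]

def seal(digest, key, data):
    nonce = os.urandom(16)
    return nonce + bytes(a ^ b for a, b in zip(data, _stream(digest, key, nonce, len(data))))

def unseal(digest, key, blob):
    nonce, body = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(body, _stream(digest, key, nonce, len(body))))

WRAP = "sha256"                                     # fixed scheme standing in for E1 and E2
AI_OLD = json.dumps({"digest": "sha256"}).encode()  # constructed algorithm blob Al
AI_NEW = json.dumps({"digest": "sha512"}).encode()  # constructed algorithm blob Al'

def E(alg, key, data):                              # E(z, x)[y]: z selects the cipher
    return seal(json.loads(alg)["digest"], key, data)
def D(alg, key, blob):
    return unseal(json.loads(alg)["digest"], key, blob)

class Terminal:
    def __init__(self, ident, ki):
        self.ident, self._ki = ident, ki            # Ki: unique key used by section 15
        self.key_store = {}                         # section 12: ID -> E1(Ki)[key]
        self.alg_store = {}                         # section 13: IDAI -> E2(KAI)[AI]

    def register_key(self, key_id, key):
        self.key_store[key_id] = seal(WRAP, self._ki, key)

    def register_alg(self, alg_id, kai, alg):
        self.register_key(alg_id, kai)
        self.alg_store[alg_id] = seal(WRAP, kai, alg)

    def _select(self, peer_id, alg_id):
        if alg_id not in self.alg_store:
            raise KeyError(f"{alg_id} is not registered in {self.ident}")
        kai = unseal(WRAP, self._ki, self.key_store[alg_id])    # section 15
        alg = unseal(WRAP, kai, self.alg_store[alg_id])         # section 16
        key = unseal(WRAP, self._ki, self.key_store[peer_id])   # section 15
        return alg, key

    def send(self, peer_id, alg_id, message):
        alg, key = self._select(peer_id, alg_id)
        return {"from": self.ident, "alg": alg_id, "ct": E(alg, key, message)}

    def receive(self, packet):
        alg, key = self._select(packet["from"], packet["alg"])
        return D(alg, key, packet["ct"])

    def apply_update(self, packet):
        body = json.loads(self.receive(packet))
        # Both values are stored as received, so they stay encrypted at rest.
        self.key_store[body["id"]] = bytes.fromhex(body["key"])
        self.alg_store[body["id"]] = bytes.fromhex(body["alg"])

class Center:
    ident = "IDc"
    def __init__(self):
        self.ki, self.kc = {}, {}                   # sections 25, 22: Ki and Kci per terminal
        self.algs, self.kai = {}, {}                # sections 23, 26: AI and KAI per algorithm
        self.authorized = set()                     # section 29

    def update(self, term_id, new_id, via_id):
        if term_id not in self.authorized:
            raise PermissionError(term_id)
        wrapped_key = seal(WRAP, self.ki[term_id], self.kai[new_id])    # E1(Ki)[KAI']
        wrapped_alg = seal(WRAP, self.kai[new_id], self.algs[new_id])   # E2(KAI')[AI']
        body = json.dumps({"id": new_id, "key": wrapped_key.hex(),
                           "alg": wrapped_alg.hex()}).encode()
        ct = E(self.algs[via_id], self.kc[term_id], body)
        return {"from": self.ident, "alg": via_id, "ct": ct}

def build_system():  # constructed sample deployment: one center, two terminals sharing Kij
    center, kij, terminals = Center(), os.urandom(32), []
    center.algs = {"IDAI": AI_OLD, "IDAI'": AI_NEW}
    center.kai = {"IDAI": os.urandom(32), "IDAI'": os.urandom(32)}
    for ident, peer in (("IDi", "IDj"), ("IDj", "IDi")):
        ki, kci = os.urandom(32), os.urandom(32)
        t = Terminal(ident, ki)
        center.ki[ident], center.kc[ident] = ki, kci
        center.authorized.add(ident)
        t.register_key(peer, kij)
        t.register_key(center.ident, kci)
        t.register_alg("IDAI", center.kai["IDAI"], AI_OLD)
        terminals.append(t)
    return center, terminals[0], terminals[1]

if __name__ == "__main__":
    center, ti, tj = build_system()
    for t in (ti, tj):
        t.apply_update(center.update(t.ident, "IDAI'", "IDAI"))
    print(tj.receive(ti.send("IDj", "IDAI'", b"sent under Al'")))
```
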

[0079] As described above, in the cryptographic communication terminal according to the first embodiment of the present invention, the control section 11 designates a cryptographic algorithm to be used, and the cryptographic algorithm storage section 13, key information storage section 12, and encryption/decryption section 14 are used in accordance with this designation. This allows cryptographic communication upon selecting one of a plurality of cryptographic algorithms for each communication, and inhibits the use of an algorithm exhibiting an increased possibility of being broken, thereby improving the safety of communication.
[0080] In addition, according to the cryptographic communication terminal of this embodiment, the cryptographic algorithm itself is encrypted and stored in the cryptographic algorithm storage section 13. Even if, therefore, the cryptographic algorithm is stolen, cryptanalysis and abuse of the algorithm can be prevented.

[0081] Furthermore, since keys for cryptographic communication and algorithm decryption keys themselves are encrypted, abuse of these pieces of information can be prevented upon theft. Even if, for example, both an encrypted algorithm decryption key and an encrypted algorithm are stolen, safety can be maintained.

[0082] In the cryptographic communication terminal 
of this embodiment, when a new cryptographic algo- 
rithm and algorithm decryption key are requested, the 
response data are decrypted and respectively stored in 
the cryptographic algorithm storage section 13 and key 
information storage section 12. This makes it possible to 
safely and efficiently register a new cryptographic algo- 
rithm through a network. Once a cryptographic algo- 
rithm is registered, the algorithm can be used by only 
designating the corresponding algorithm ID. That is, the 
acquired algorithm can be easily used. 
[0083] In the cryptographic communication terminal 
of this embodiment, as the key information decryption 
section 15 for storing and processing the key Ki and the 
like unique to the terminal, a tamper-resistant unit 
whose internal structure is not easily analyzed, e.g., an 
IC card, is used. This realizes high robustness against
the act of fraudulently acquiring the unique key, and 
hence can prevent fraudulent leakage of the crypto- 
graphic algorithm. 

[0084] The cryptographic communication center 
apparatus of this embodiment includes the update cryp- 
tographic algorithm storage section 28 and key informa- 
tion storage section 22, and transmits a requested 
cryptographic algorithm and algorithm decryption key to 
a requesting terminal upon encrypting them. This 
makes it possible to safely and efficiently distribute new 
cryptographic algorithms through a network. 
[0085] Even if, therefore, the currently used crypto- 
graphic scheme is broken, the scheme can be quickly 
updated to a new cryptographic scheme, thus easily 
realizing continuation of safe network communication. 
[0086] Furthermore, the cryptographic communica- 
tion center apparatus of this embodiment encrypts an 
algorithm decryption key by using a key unique to each 
terminal 2. Even if, therefore, a distributed algorithm 
decryption key is stolen, secrecy of the algorithm 
decryption key can be effectively maintained. 
[0087] Note that the same effects as described 
above can be obtained in a cryptographic communica- 
tion system constituted by cryptographic communica- 
tion terminals or a cryptographic communication system 
constituted by a cryptographic communication center 
apparatus as well as these cryptographic communica- 
tion terminals. 

[0088] The second embodiment will be described
next.

[0089] In this embodiment, another registration 
(updating) procedure for acquiring a cryptographic algo-
rithm that is not held in the terminal 2 in the crypto-
graphic communication system according to the first
embodiment will be described. 

[0090] A cryptographic communication system
according to the second embodiment has the same
arrangement as that of the cryptographic communica-
tion system according to the first embodiment. These
embodiments differ in cryptographic algorithms and
algorithm decryption keys to be returned. For this rea-
son, a control section 11 has the same arrangement as
that in the first embodiment, and selects a cryptographic
algorithm for which a terminal 2 generates an update
request. These differences are those from the viewpoint
of operation that changes depending on the ID informa-
tion transmitted from the terminal 2 and/or ID informa-
tion destination rather than those from the viewpoint of
arrangement. Note that the same reference numerals
as in the first embodiment denote the same parts in the
second embodiment, and a detailed description thereof
will be omitted.

[0091] The operation of this embodiment will be
described below. Note, however, that since crypto-
graphic communication using an already registered
cryptographic algorithm is the same as that in the first
embodiment, a description thereof will be omitted, and
updating procedure #2 for an algorithm to be newly reg-
istered, which is different from updating procedure #1
described in the first embodiment, will be described.
[0092] FIG. 6 shows processing in updating proce-
dure #2 for causing a given cryptographic communica-
tion terminal to acquire only a cryptographic algorithm
from another cryptographic communication terminal in
the cryptographic communication system according to
the second embodiment of the present invention.
[0093] As the first process in updating procedure
#2, the process of causing a given cryptographic com-
munication terminal to acquire only a cryptographic
algorithm from another cryptographic communication
terminal will be described first.

[0094] A terminal 2j has acquired a cryptographic
algorithm Al' by updating procedure #1 or #2. Assume
that a terminal 2i wants to communicate with the termi-
nal 2j by using the cryptographic algorithm Al' that is not
held by the terminal 2i. In this case, before communica-
tion, first of all, the terminal 2i acquires and registers the
cryptographic algorithm Al' and its decryption key. This
registration processing is realized by concurrently gen-
erating an acquisition request for each information to
the terminal 2j and a center 3.

[0095] When the terminal 2i is to request the termi-
nal 2j for the new cryptographic algorithm Al', the termi-
nal 2i transmits IDi, ID information IDAl' of a
cryptographic algorithm to be updated, and ID informa-
tion IDAl of a cryptographic algorithm to be used for
updating to the terminal 2j.

[0096] In the terminal 2j which has received these
pieces of information, the pieces of received information
are loaded into the control section 11, and IDAl and
IDAl' are output from the control section 11 to a crypto-
graphic algorithm storage section 13. In addition, IDi and
IDAl are output to a key information storage section 12.
[0097] The key information storage section 12,
which has received the ID information, outputs an
encrypted private key E1(Ki)[Kij] and algorithm decryp-
tion key E1(Kj)[KAl] to a key information decryption sec-
tion 15. In addition, the key information decryption
section 15 decrypts the encrypted key information by
using key information Kj unique to the terminal, e.g., a
password or the key held in an IC card, and outputs a key
KAl to a cryptographic algorithm decryption section, and
a key Kij to an encryption/decryption section.
[0098] The cryptographic algorithm storage section
13, which has received the ID information, outputs an
encrypted cryptographic algorithm E2(KAl)[Al] for cryp-
tographic communication to the cryptographic algorithm
decryption section 16. In addition, an encrypted crypto-
graphic algorithm E2(KAl')[Al'] to be transmitted to the
terminal 2i is output to an encryption/decryption section
14.

[0099] A cryptographic algorithm decryption section
16 extracts a cryptographic algorithm Al by decrypting
the input encrypted cryptographic algorithm E2(KAl)[Al]
using the algorithm decryption key KAl, and outputs the
cryptographic algorithm Al to the encryption/decryption
section 14.

[0100] The encryption/decryption section 14
encrypts the update information E2(KAl')[Al'] by using
the input cryptographic algorithm Al and private key Kij.
This ciphertext E(Al, Kij)[IDAl'|E2(KAl')[Al']], IDj, and
IDAl are transmitted to the terminal 2i through the net-
work 1.

[0101] These pieces of transmitted information are
received by the terminal 2i and loaded into the control
section 11, and IDAl is output to the cryptographic algo-
rithm storage section 13. In addition, the control section
11 outputs IDj and IDAl to the key information storage
section 12.

[0102] The key information storage section 12 out-
puts the encrypted private key E1(Ki)[Kij] and algorithm
decryption key E1(Ki)[KAl] to the key information
decryption section 15 on the basis of the input ID infor-
mation.

[0103] The key information decryption section 15
decrypts the input encrypted key information by using key
information Ki unique to the terminal, e.g., a password
or the key held in an IC card. Of the decrypted keys, the
key KAl is output to the cryptographic algorithm decryp-
tion section 16, and the key Kij for inter-terminal crypto-
graphic communication is output to the
encryption/decryption section 14.
[0104] The cryptographic algorithm storage section
13 outputs the cryptographic algorithm E2(KAl)[Al]
encrypted on the basis of the input ID information to the
cryptographic algorithm decryption section 16. The
cryptographic algorithm decryption section 16 decrypts
the encrypted cryptographic algorithm E2(KAl)[Al] by
using the algorithm decryption key KAl, and outputs the
cryptographic algorithm Al to the encryption/decryption
section 14.

[0105] The encryption/decryption section 14
decrypts the ciphertext E(Al, Kij)[IDAl'|E2(KAl')[Al']] by
using the cryptographic algorithm Al and private key Kij.
The decrypted information is the encrypted crypto-
graphic algorithm E2(KAl')[Al'], and is registered in the
cryptographic algorithm storage section 13 in corre-
spondence with IDAl'.

[0106] In this manner, the new cryptographic algo-
rithm Al' is registered in the terminal 2i. In order to make
this information E2(KAl')[Al'] useable, a decryption key
KAl' for decrypting the information E2(KAl')[Al'] and
extracting Al' must be acquired. Since this decryption
key KAl' is encrypted by using the private key unique to
each terminal, this key cannot be acquired from another
terminal 2j. For this reason, the terminal 2i must request
the cryptographic communication center apparatus 3,
which performs overall key management, to issue a
decryption key encrypted with the private key unique to
the terminal 2i.

[0107] As the second process in updating proce-
dure #2, the process of acquiring the cryptographic
algorithm decryption key KAl' from the cryptographic
communication center apparatus 3 will be described
next.

[0108] FIG. 7 shows processing in updating proce-
dure #2 for acquiring a cryptographic algorithm decryp-
tion key from the cryptographic communication center
apparatus.

[0109] First of all, the terminal 2i transmits, to the
cryptographic communication center apparatus 3, the
ID information IDi of the terminal 2i, ID information
IDKAl' of a cryptographic algorithm decryption key to be
requested, and the ID information IDAl of a crypto-
graphic algorithm to be used for cryptographic commu-
nication.

[0110] In the cryptographic communication center
apparatus 3 which has received these pieces of ID infor-
mation, the pieces of received information are loaded
into a control section 21. Thereafter, a terminal authori-
zation management section 29 checks authorization as
in updating procedure #1 in the first embodiment. Note
that the above pieces of information may be loaded into
the control section 21 after this authorization check.
[0111] Of these pieces of loaded ID information,
IDAl and IDi are respectively output from the control
section 21 to a cryptographic algorithm storage section
23 and key information storage section 22. In addition,
IDi and IDKAl' are respectively output to the terminal
key information storage section 25 and an algorithm
decryption key storage section 26.
[0112] The cryptographic algorithm storage section
23 outputs the cryptographic algorithm Al to an encryp-
tion/decryption section 24 in accordance with this input
ID information. In addition, the key information storage
section 22 outputs a key Kci for cryptographic communi-
cation between the terminal and the center to the
encryption/decryption section 24 in accordance with the
input ID information. A terminal key information storage
section 25 outputs the key Ki unique to the terminal 2i to
a key encryption section 27 in accordance with the input
ID information. The algorithm decryption key storage
section 26 outputs a key KAl' to the key encryption sec-
tion 27 in accordance with the input ID information.
[0113] The key encryption section 27 encrypts the
algorithm decryption key KAl' by using the input key Ki
unique to the terminal 2i, and outputs E1(Ki)[KAl'] as the
encryption result to the encryption/decryption section
24. This encryption result is the encrypted crypto-
graphic algorithm decryption key information generated
exclusively for the terminal 2i.

[0114] The encryption/decryption section 24
encrypts update information E1(Ki)[KAl'] by using the
cryptographic algorithm Al and private key Kci. Cipher-
text E(Al, Kci)[IDKAl'|E1(Ki)[KAl']] as the encryption
result, IDc, and IDAl are transmitted to the terminal 2i by
the communication apparatus through the network 1.
[0115] This cryptographic communication is
received by the terminal 2i and loaded into the control
section 11. Of the information loaded into the control
section 11, IDAl is output to the cryptographic algorithm
storage section 13, and IDc and IDAl are output to the
key information storage section 12.
[0116] The key information storage section 12,
which has received the ID information, outputs the
encrypted private key E1(Ki)[Kci] and algorithm decryp-
tion key E1(Ki)[KAl] to the key information decryption
section 15 in accordance with the ID information. Upon
reception of these pieces of information, the key infor-
mation decryption section 15 decrypts each key infor-
mation by using the key information Ki unique to the
terminal, e.g., a password or the key held in an IC card.
Of these pieces of decrypted information, the keys KAl
and Kci are respectively output to the cryptographic
algorithm decryption section 16 and encryption/decryp-
tion section 14.

[0117] The cryptographic algorithm storage section
13 outputs the encrypted cryptographic algorithm
E2(KAl)[Al] to the cryptographic algorithm decryption
section 16 in accordance with the input ID information.
[0118] The cryptographic algorithm decryption sec-
tion 16 decrypts this encrypted cryptographic algorithm
E2(KAl)[Al] by using the algorithm decryption key KAl,
and outputs the cryptographic algorithm Al as the
decryption result to the encryption/decryption section
14.

[0119] The encryption/decryption section 14
decrypts the ciphertext E(Al, Kci)[IDKAl'|E1(Ki)[KAl']]
received from the center 3 by using the cryptographic
algorithm Al and private key Kci. This decrypted infor-
mation E1(Ki)[KAl'] is registered in the key information
storage section 12 in correspondence with IDKAl'.
[0120] As described above, in the cryptographic
communication system according to the second embod-
iment of the present invention, the same effects as
those of the first embodiment can be obtained, and
updating procedure #2 can reduce the load on the
center 3 as compared with updating procedure #1 in the
first embodiment for the following reason. In updating
procedure #1, a terminal 2 requests the center for two
keys for decrypting a new cryptographic algorithm and
cryptographic algorithm, and the center transmits the
two requested keys to the terminal 2. In contrast to this,
in updating procedure #2, a given terminal requests
another terminal for a new cryptographic algorithm and
an algorithm decryption key corresponding to the center
3.

[0121] In addition, in the case of updating proce-
dure #2 as well, since cryptographic algorithm transmis-
sion processing and algorithm decryption key
transmission processing are concurrently performed in
a terminal and the center, these pieces of information
can be acquired in the same period of time as that in
procedure #1.
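
Updating procedure #2 as described in paragraphs [0092] to [0119], traced end to end in an added Python sketch that is not part of the patent text. The HMAC-SHA256 keystream cipher standing in for E1, E2 and E, the mixing of the algorithm bytes into the working key, the one-byte ID framing, and all class and function names are assumptions.

```python
import hashlib, hmac, os

def prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def keystream(key, nonce, n):
    blocks = range((n + 31) // 32)
    return b"".join(prf(key, b"enc" + nonce + i.to_bytes(4, "big")) for i in blocks)[:n]

def seal(key, msg):
    """Stand-in for E1/E2: HMAC-SHA256 keystream, encrypt-then-MAC (not DES)."""
    nonce = os.urandom(16)
    body = nonce + bytes(m ^ s for m, s in zip(msg, keystream(key, nonce, len(msg))))
    return body + prf(key, b"mac" + body)

def unseal(key, blob):
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, prf(key, b"mac" + body)):
        raise ValueError("wrong key or modified ciphertext")
    nonce, ct = body[:16], body[16:]
    return bytes(c ^ s for c, s in zip(ct, keystream(key, nonce, len(ct))))

def E(alg, key, msg):   # E(Al, K)[msg]; mixing the algorithm bytes into the key is an assumption
    return seal(prf(key, alg), msg)
def D(alg, key, blob):
    return unseal(prf(key, alg), blob)

def frame(ident, payload):   # "ID | payload" with a one-byte length prefix (ASCII IDs)
    return bytes([len(ident)]) + ident.encode() + payload
def unframe(data):
    return data[1:1 + data[0]].decode(), data[1 + data[0]:]

class Terminal:
    def __init__(self, ident, ki):
        self.id, self.ki = ident, ki   # Ki stays in the tamper-resistant unit (section 15)
        self.key_store = {}            # section 12: ID -> E1(Ki)[key]
        self.alg_store = {}            # section 13: ID -> E2(KAl)[Al]

    def key(self, key_id):             # key information decryption section 15
        return unseal(self.ki, self.key_store[key_id])

    def algorithm(self, alg_id):       # cryptographic algorithm decryption section 16
        return unseal(self.key("K" + alg_id), self.alg_store[alg_id])

    def send_algorithm(self, peer_id, new_id, use_id):
        # [0096]-[0100]: E2(KAl')[Al'] is forwarded as stored, without being decrypted
        payload = frame(new_id, self.alg_store[new_id])
        return E(self.algorithm(use_id), self.key(peer_id), payload)

    def receive(self, sender_id, use_id, ciphertext, store):
        # [0101]-[0105] and [0115]-[0119]: decrypt with Al and the pairwise key, then register
        ident, blob = unframe(D(self.algorithm(use_id), self.key(sender_id), ciphertext))
        store[ident] = blob
        return ident

class Center:
    def __init__(self, algorithms):
        self.algorithms = algorithms                                    # section 23: ID -> Al
        self.alg_keys = {"K" + a: os.urandom(32) for a in algorithms}   # section 26: ID -> KAl
        self.terminal_keys, self.comm_keys = {}, {}                     # sections 25 and 22
        self.authorized = set()                                         # section 29

    def enroll(self, ident, alg_ids):   # setup only: state held before procedure #2 starts
        ki, kci = os.urandom(32), os.urandom(32)
        self.terminal_keys[ident], self.comm_keys[ident] = ki, kci
        self.authorized.add(ident)
        t = Terminal(ident, ki)
        t.key_store["C"] = seal(ki, kci)
        for a in alg_ids:
            t.key_store["K" + a] = seal(ki, self.alg_keys["K" + a])
            t.alg_store[a] = seal(self.alg_keys["K" + a], self.algorithms[a])
        return t

    def issue_alg_key(self, term_id, key_id, use_id):
        if term_id not in self.authorized:                 # [0110] authorization check
            raise PermissionError(term_id)
        wrapped = seal(self.terminal_keys[term_id], self.alg_keys[key_id])   # section 27
        return E(self.algorithms[use_id], self.comm_keys[term_id], frame(key_id, wrapped))

def run_procedure_2():
    center = Center({"Al": b"constructed code of Al", "Al'": b"constructed code of Al'"})
    ti, tj = center.enroll("2i", ["Al"]), center.enroll("2j", ["Al", "Al'"])
    kij = os.urandom(32)
    ti.key_store["2j"], tj.key_store["2i"] = seal(ti.ki, kij), seal(tj.ki, kij)
    # First process (FIG. 6): 2i obtains E2(KAl')[Al'] from 2j
    ti.receive("2j", "Al", tj.send_algorithm("2i", "Al'", "Al"), ti.alg_store)
    usable_before_key = "KAl'" in ti.key_store   # Al' is stored but cannot be decrypted yet
    # Second process (FIG. 7): 2i obtains E1(Ki)[KAl'] from the center
    ti.receive("C", "Al", center.issue_alg_key("2i", "KAl'", "Al"), ti.key_store)
    try:   # a copy of 2i's wrapped key is useless under 2j's unique key Kj
        unseal(tj.ki, ti.key_store["KAl'"])
        usable_by_2j = True
    except ValueError:
        usable_by_2j = False
    return {"usable_before_key": usable_before_key, "usable_by_2j": usable_by_2j,
            "recovered": ti.algorithm("Al'") == center.algorithms["Al'"]}

if __name__ == "__main__":
    print(run_procedure_2())
```

The returned dictionary shows that the forwarded E2(KAl')[Al'] is unusable by 2i until the center issues E1(Ki)[KAl'], and that this wrapped key does not open under Kj.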

[0122] Note that the present invention is not limited
to each embodiment described above. Various changes
and modifications can be made within the spirit and
scope of the invention.

[0123] In each embodiment described above, for
example, the keys Ki and Kj and the like unique to all the
terminals 2 which are managed by the center 3 are
common private keys used in DES and the like. How-
ever, the present invention is not limited to this case. For
example, a public key scheme such as RSA may be
used, so private and public keys may be respectively
held in each terminal 2 and the center 3. For example,
Ki on the center side serves as a public key, and Ki on
the terminal side serves as a private key.
[0124] Although the center 3 in each embodiment
does not have a cryptographic algorithm decryption
section 16 and key information decryption section 15,
the center 3 may include these sections to encrypt and
store a cryptographic algorithm and the key used for
communication so as to have the same cryptographic
communication function as that of the terminal 2. That
is, the communication function on the center 3 side can
be appropriately designed in accordance with various
situations, e.g., the security level and external access
environments.

[0125] In each embodiment described above, cryp-
tographic communication is performed between termi-
nals 2 or between the center 3 and a terminal 2 through
a LAN, WAN, Internet, or the like. However, the applica-
tion range of the present invention is not limited to this
case.

[0126] For example, even if the system of the
present invention is to be used as a LAN or WAN sys-
tem, the present invention can be applied to an intra-
enterprise information management system as well as
communication between different corporations. This is
because disclosure of certain information to unauthor-
ized persons is often inhibited even within the same cor-
poration. The present invention can also be effectively
applied to a mail system.
[0127] In addition, the present invention can be
applied to a case wherein each terminal 2 serves as a
fax transmission/reception apparatus, and crypto-
graphic communication is performed between the appa-
ratuses. This is because even a telephone line can be
tapped. In this case, the cryptographic scheme can be
easily changed, and a fax network can be effectively
used once it is built. In addition, portable telephones,
PHS units, and the like may be used as the terminals 2
in the present invention.

[0128] Assume that scrambling used for cable TV
broadcasting or satellite broadcasting, e.g., BS broad-
casting, is regarded as encryption. According to the
present invention, when this scrambling scheme is bro-
ken, this scheme can be quickly and effectively changed
to a new scrambling scheme. In this case, a BS tuner
corresponds to the terminal 2, and the broadcast station
serves as both the terminal 2 and the center 3.
[0129] Likewise, the present invention can be
applied to an ITV system, a two-way TV system, or the
like. In this case, a set-top box corresponds to the termi-
nal 2, and a system on the broadcasting side serves as
both the terminal 2 and the center 3.
[0130] As is obvious from the above cases, in the
present invention, a data transmission line between the
terminals 2 and between each terminal 2 and the center
3 is not limited to a cable and may be a radio channel.
[0131] In addition, the terminal in this invention is
not limited to a single computer holding all the functions
described above. For example, when the functions con-
stituting the present invention described in each embod-
iment are distributed in a server computer and other
computers, a collection of these functions is also
regarded as a terminal in the present invention.
[0132] Note that the apparatuses described in the
embodiments can be implemented by loading programs
stored in storage media into computers.
[0133] The storage medium in the present invention
may take any storage forms as long as it is a computer-
readable storage medium capable of storing programs.
For example, such a storage medium includes a mag-
netic disk, floppy disk, hard disk, optical disk (CD-ROM,
CD-R, DVD, or the like), magneto-optical disk (MO or
the like), and semiconductor memory.
[0134] In addition, an OS (Operating System) run-
ning on a computer on the basis of commands from pro-
grams installed from a storage medium into the
computer, MW (middleware) such as database man-
agement software or network software, or the like may
execute part of the processes for implementing this
embodiment.

[0135] The storage medium in the present invention
includes not only a medium independent of the compu-
ter but also a storage medium in which a program sent
through a LAN, Internet, or the like is downloaded and
stored or temporarily stored.

[0136] In addition, the number of storage media is
not limited to one, and the storage medium of the
present invention also includes a combination of media
used to execute the processes in these embodiments.
That is, the present invention is not limited to any spe-
cific storage arrangement.
[0137] Note that the computer in the present inven-
tion executes the respective processes in this embodi-
ment on the basis of the programs stored in the storage
medium, and the present invention may take any
arrangement, e.g., an apparatus consisting of a single
device such as a personal computer or a system consti-
tuted by a plurality of devices connected to each other
through a network.

[0138] Furthermore, the computer of the present 
invention is not limited to a personal computer, and is a 
generic name for devices and apparatuses capable of 
implementing the functions of the present invention on 
the basis of programs, including processing units, 
microcomputers, and the like contained in data process- 
ing devices. 

Claims 

1. A cryptographic communication terminal (2) char-
acterized by comprising:

a cryptographic algorithm storage section (13)
for storing not less than one type of crypto-
graphic algorithm used for cryptographic com-
munication, and outputting a designated
cryptographic algorithm;
a key information storage section (12) for stor-
ing a key used for cryptographic communica-
tion corresponding to the cryptographic
algorithm, and outputting a designated key;
control means (11) for designating, with
respect to said cryptographic algorithm storage
section (13) and said key information storage
section (12), which cryptographic algorithm
and key are to be used in the cryptographic
communication; and
encryption/decryption means (14) for decrypt-
ing received encryption information by using
the cryptographic algorithm designated with
respect to said cryptographic algorithm storage
section (13) and the key designated with
respect to said key information storage section
(12), and encrypting information to be transmit-
ted.

2. A terminal (2) according to claim 1, characterized in
that said cryptographic algorithm storage section
(13) stores an encrypted cryptographic algorithm,
and

said terminal (2) further comprises crypto-
graphic algorithm decryption means (16) for
decrypting the encrypted cryptographic algo-
rithm.

3. A terminal (2) according to claim 2, characterized in
that said key information storage section (12) stores
a key for an encrypted algorithm used to decrypt an
encrypted cryptographic algorithm as well as the
key for cryptographic communication.

4. A terminal (2) according to claim 3, characterized in
that the key for the encrypted algorithm is a key for
secret key cryptography.

5. A terminal (2) according to claim 3, characterized in
that the key for the encrypted algorithm is a key for
public key cryptography.

6. A terminal (2) according to claim 1, characterized in
that said key information storage section (12) stores
an encrypted key, and

said terminal (2) further comprises key infor-
mation decryption means (15) for decrypting
the encrypted key.

7. A terminal (2) according to claim 1, characterized in
that said control means (11) instructs said crypto-
graphic algorithm storage section (13) to output a
requested cryptographic algorithm upon receiving a
transmission request for any one of the crypto-
graphic algorithms stored in said cryptographic
algorithm storage section (13), and

said encryption/decryption means (14)
encrypts the requested cryptographic algo-
rithm as the information to be transmitted.

8. A terminal (2) according to claim 1, characterized in
that when a partner with which said terminal (2)
communicates is an apparatus including said cryp-
tographic communication terminal (2), said terminal
(2) requests the partner for a new cryptographic
algorithm and/or a key for a corresponding
encrypted algorithm, decrypts a corresponding
response by using said encryption/decryption
means (14),

stores the requested cryptographic algorithm in
said cryptographic algorithm storage section
(13) upon receiving the cryptographic algo-
rithm, and stores the requested key for the
encrypt algorithm in said key information stor-
age section (12) upon receiving the key.

9. A cryptographic communication center apparatus
(3) comprising said cryptographic communication
terminal (2) defined in claim 3, characterized in that
when the algorithm decryption key is requested
from the partner, said apparatus (3) inputs the cor-
responding algorithm decryption key as the infor-
mation to be transmitted to the partner to said
encryption/decryption means (24).

10. An apparatus (3) according to claim 9, character-
ized in that said apparatus (3) comprises said cryp-
tographic communication terminal (2) defined in
claim 3, and an update cryptographic algorithm
storage section (28) for storing a plurality of types of
cryptographic algorithms decrypted by using a key
for the encrypted algorithm, and

said control means (21), when a cryptographic
algorithm is requested from said cryptographic
communication terminal (2), instructs said
update cryptographic algorithm storage section
(28), in place of said cryptographic algorithm
storage section, to output the requested cryp-
tographic algorithm as the information to be
transmitted.

11. An apparatus (3) according to claim 9, character-
ized by further comprising key encrypt means (27)
for, when the key for the encrypted algorithm is
requested from said cryptographic communication
terminal (2), encrypting the key for the encrypted
algorithm to be transmitted, and inputting the
encrypted key for the encrypted algorithm, as the
information to be transmitted, to said encryp-
tion/decryption means (24).

12. An apparatus (3) according to claim 11, character-
ized in that said key encryption means (27)
encrypts the key for the encrypted algorithm by
using a key unique to a cryptographic communica-
tion terminal (2) of the partner.

13. A cryptographic communication system comprising
not less than two cryptographic communication ter-
minals (2) each defined in claim 1.

14. A cryptographic communication center apparatus
(3) comprising not less than one cryptographic
communication terminal (2) defined in claim 1 and
not less than one cryptographic communication
center apparatus (3) defined in claim 7.

15. A computer readable medium storing a program for
implementing:

a cryptographic algorithm storage section for
storing not less than one type of cryptographic
algorithm used for cryptographic communica-
tion, and outputting a designated cryptographic
algorithm;
a key information storage section for storing a
key used for cryptographic communication cor-
responding to the cryptographic algorithm, and
outputting a designated key;
control means for designating, with respect to
said cryptographic algorithm storage section
and said key information storage section, which
cryptographic algorithm and key are to be used
in the cryptographic communication; and
encryption/decryption means for decrypting
received encryption information by using the
cryptographic algorithm designated with
respect to said cryptographic algorithm storage
section and the key designated with respect to
said key information storage section, and
encrypting information to be transmitted.

16. A storage according to claim 15, wherein said cryp- 
tographic algorithm storage means further com- 
prises a program for storing an encrypted 
cryptographic algorithm, and 

implementing cryptographic algorithm decryp- 
tion means for decrypting the encrypted algo- 
rithm by using a key for the encrypted 
algorithm. 

17. A storage according to claim 15, characterized in
that said control means further comprises a pro-
gram for, when a transmission request for any of the
cryptographic algorithms stored in said crypto-
graphic algorithm storage means is received,
instructing said cryptographic algorithm storage
means to output the requested cryptographic algo-
rithm, and

said encryption/decryption means further com-
prises a program for encrypting the requested
cryptographic algorithm as the information to
be transmitted.

18. A storage according to claim 16, characterized by
further comprising a program for, when a key for the
encrypted algorithm is requested from the partner,
inputting the corresponding key for the encrypted
algorithm, as the information to be transmitted to
the partner, to said encryption/decryption means.

19. A cryptographic communication center apparatus
having said storage medium defined in claim 16,
characterized by comprising:

update cryptographic algorithm storage means
for storing a plurality of types of cryptographic
algorithms encrypted by the key for the
encrypted algorithm; and
means for, when the cryptographic algorithm
decryption key is requested from the partner,
inputting a corresponding key for the encrypted
algorithm, as information to be transmitted to
the partner, to said encryption/decryption
means,

wherein said control means stores a program
for, when a cryptographic algorithm is
requested from said cryptographic communica-
tion terminal, instructing said update crypto-
graphic algorithm storage means to output the
requested cryptographic algorithm as the infor-
mation to be transmitted.

20. A system according to claim 13, characterized in
that said cryptographic communication terminal (2)
acquires the cryptographic algorithm and a decryp-
tion key therefor from said cryptographic communi-
cation center apparatus (3).

21. A system according to claim 11, characterized in
that said cryptographic communication terminal (2)
acquires a cryptographic algorithm from another
cryptographic communication terminal and
acquires a corresponding decryption key from said
cryptographic communication center apparatus (3).